Update cfengine to 1.6.3

* Expansion of $(dollar) broken in 1.6.0 - fixed

	* Locking problem in cfd fixed. Problem causing access
	denied while re-reading config files. MAXTRIES increased
	for high volume services, was causing premature apoptosis.

	dest= could not refer to a filename with spaces, fixed.

	* Made recipient variables in client.c long instead of
	size_t in rstat, for 64 bits. With %ld in scanf.

	* Cfengine 1.6.0-1.6.3 introduces filters into processes
	and files.

	* 1.6.3 change from Berkeley DB2 to DB3 - not backward compatible!!!
	  Update Berkeley db with
	     cd build_unix
	     ../dist/configure
	     make; make install
	     ln -s /usr/local/BerkeleyDB.3.2 /usr/local/BerkeleyDB

2000-06-13  David Masterson  <David.Masterson@kla-tencor.com>

	* 1.6.0.a2: re-released to Mark after stupid mistakes.

	* src/Makefile.am (noinst_HEADERS): add cfparse.h

	* Makefile.am (EXTRA_DIST): add acconfig.h

2000-06-12  David Masterson <David.Masterson@kla-tencor.com>

	* 1.6.0.a2: released to Mark

	* General: Attempted to convert to reincorporate all my Automake
	stuff into the release.

2000-06-12  Mark Burgess <Mark.Burgess@hio.no>

	* 1.6.0-alpha1: released

	* General: Rewrite of DCE code by Transarc/IBM.  Add elsedefine=
	tag as complement to define=.  CompressCommand action=compress in
	files, tidy, compress=true for compressing files on the fly.  Bug
	in copy with size= fixed.  Was ignored if file didn't exist.
	Modules: in addition to setting classes, can return lines
	=ENVVAR=value which sets cfengine environment variables.  This
	allows modules to set variables which can be inherited directly by
	scripts.

2000-05-11  David Masterson  <David.Masterson@kla-tencor.com>

	* contrib/Makefile.am (pkgdata_SCRIPTS): change cfemacs.el to
	cfengine.el in keeping with internal documentation.  Also renamed
	the file as well.

2000-05-08  David Masterson  <David.Masterson@kla-tencor.com>

	* Release: V1.6 released to Mark for verification.

	* Everything:  Many things have been changed and reorganized for
	the shift to automake generated Makefiles.  See the end of the
	NEWS file for more information.

2000-04-24  David Masterson  <David.Masterson@kla-tencor.com>

	* ChangeLog: Created and initialized with old VERSION.DIFF


***************** Minor Version 5 ********************

KNOWN BUGS: linux, when making directories, ownership and perms can be wrong.


1.5.4
  Added security message in checksum=md5 for cfengine if new files appear
  Bug in class evaluation with multiple embedded groups fixed
  Bug in file transfer could hang a server in special circumstances.
  Bug in secure recursive copy (access denied incorrectly).

  Type change, size is off_t in cfstat struct

  Multiple define bug in copy: could cause endless loop
  Thread counting error fixed in cfd
  Required/disk suspicious warnings now cause classes to be defined
  Resolver could delete substring lines

  Extra measures against Denial of Service attacks on cfd, only one
  instance of a host-IP may be connected at one time.

  1) Multiple connections from the same host are refused by default
     (before any recv())
  2) A DenyConnectionsFrom list will prevent named IP addresses from connecting
     (before any recv) or a general AllowConnectionsFrom mask...
  3) If the thread table is full for more than five requests, cfd commits
     suicide (apoptosis) to avoid resource usage by spamming.

  The control variable "DenyConnectionsFrom = ( ip1 ip2 ... )" allows a list
  of numerical IP masks to be specified, which cfd will deny connections from.
  This can be used to prevent hanging connection attacks from malicious hosts
  and other Denial of Service attacks.

   e.g. cfd.conf

     control:

      AllowConnectionsFrom ( 128.39.89 )
      DenyConnectionsFrom = ( 128.39.89.4 )

  This is in addition to tcp wrapper stuff, but the TCP wrapper code cannot
  protect against denial of service attacks.
  typecheck=false in copy switches off error messages on type mismatch.
abs 2001-06-04 16:18:21 +00:00
parent 972d1731b3
commit 64c787b2e1
10 changed files with 133 additions and 224 deletions

@ -1,16 +1,16 @@
# $NetBSD: Makefile,v 1.7 2001/02/17 17:42:11 wiz Exp $
# $NetBSD: Makefile,v 1.8 2001/06/04 16:18:21 abs Exp $
#
DISTNAME= cfengine-1.5.3
PKGNAME= cfengine-1.5.3nb3
DISTNAME= cfengine-1.6.3
CATEGORIES= sysutils net
MASTER_SITES= ftp://ftp.iu.hioslo.no/pub/cfengine/ \
ftp://ftp.cfengine.webmotion.net/pub/cfengine/
MAINTAINER= abs@netbsd.org
MAINTAINER= packages@netbsd.org
HOMEPAGE= http://www.iu.hioslo.no/cfengine/
COMMENT= Automate configuration and administration of large systems
GNU_CONFIGURE= YES
CONFIGURE_ARGS= --without-pthreads
.include "../../mk/bsd.pkg.mk"
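
Review bot: No Berkeley DB 3 dependency appears in the visible lines of this Makefile, although the commit message says 1.6.3 switched from Berkeley DB2 to DB3 and is not backward compatible. Declare the dependency here (or state why none is needed) and say in the commit message what the incompatibility means for hosts upgrading from 1.5.3. The MAINTAINER change from abs@netbsd.org to packages@netbsd.org is also not mentioned in the message.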

@ -1,11 +1,9 @@
$NetBSD: distinfo,v 1.2 2001/04/19 11:29:00 agc Exp $
$NetBSD: distinfo,v 1.3 2001/06/04 16:18:21 abs Exp $
SHA1 (cfengine-1.5.3.tar.gz) = bc0a21bfc7ec42c1c0e670ea07914334c5a967c3
Size (cfengine-1.5.3.tar.gz) = 688032 bytes
SHA1 (patch-aa) = 1d8bac1660b4ad5bb8f842e3d47f910aa58e20a2
SHA1 (patch-ab) = a11e41ece3fd40d199683e7ae2643d6fbd4eba49
SHA1 (patch-ac) = 24a0e33de1ed2fcd4681ce8e02e6b8ad7e02b567
SHA1 (patch-ad) = abc7468db030405de93263d75a38295ac3367d73
SHA1 (patch-ae) = 0a4531e51b358b5f7e57e15822f3cf7f76b31567
SHA1 (patch-af) = 81994c772fb18edef2125ffb65ff4cb71394f5e7
SHA1 (patch-ag) = 7332d24653510e702b06e6ab4eb914cfac186875
SHA1 (cfengine-1.6.3.tar.gz) = 4bd3fd2e2b9b798c9a3a6e8c64a7dee2cd4ab763
Size (cfengine-1.6.3.tar.gz) = 867265 bytes
SHA1 (patch-aa) = 0a9acfd8825be20f6739b5ec7a67fdec5376bb89
SHA1 (patch-ab) = 4ea38815ee7a13696df545ac25b51246dcc80c42
SHA1 (patch-ac) = 18c6f129246203d763b48f357fead560da2f5bf3
SHA1 (patch-ad) = 0044a60597fea926bbf456862f7fe61a96f6b37d
SHA1 (patch-ae) = 99496b14f80c8605886cd78a520af4d1c6cc0475
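
Review bot: The new distfile is pinned by a single SHA1 digest and a size, and the Makefile's MASTER_SITES are plain ftp:// URLs, so this one digest is the only integrity check on cfengine-1.6.3.tar.gz. Record in the commit message what the digest was checked against, and consider adding a second, stronger digest next to it. Dropping the patch-af and patch-ag entries is consistent with the two deleted patch files.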

@ -1,53 +1,10 @@
$NetBSD: patch-aa,v 1.2 2000/10/02 16:43:45 abs Exp $
$NetBSD: patch-aa,v 1.3 2001/06/04 16:18:21 abs Exp $
--- configure.orig Mon Oct 25 09:25:53 1999
+++ configure
@@ -1073,6 +1073,8 @@
# It thinks the first close brace ends the variable substitution.
test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
--- Makefile.am.orig Tue Jun 13 18:25:29 2000
+++ Makefile.am
@@ -1,4 +1,4 @@
-SUBDIRS = pub src bin contrib inputs doc
+SUBDIRS = pub src bin contrib inputs
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
EXTRA_DIST = SURVEY acconfig.h
@@ -3984,6 +3986,7 @@
+if false; then
echo $ac_n "checking for main in -lpthread""... $ac_c" 1>&6
echo "configure:3989: checking for main in -lpthread" >&5
ac_lib_var=`echo pthread'_'main | sed 'y%./+-%__p_%'`
@@ -4105,6 +4108,7 @@
echo "$ac_t""no" 1>&6
fi
done
+fi
echo $ac_n "checking for lchown""... $ac_c" 1>&6
@@ -4158,6 +4162,7 @@
echo "$ac_t""no" 1>&6
fi
+if false; then
echo $ac_n "checking for pthread_attr_setstacksize""... $ac_c" 1>&6
echo "configure:4163: checking for pthread_attr_setstacksize" >&5
if eval "test \"`echo '$''{'ac_cv_func_pthread_attr_setstacksize'+set}'`\" = set"; then
@@ -4353,6 +4358,7 @@
fi
fi
+fi
# Check whether --enable-DCE or --disable-DCE was given.
@@ -5011,6 +5017,7 @@
s%@YACC@%$YACC%g
s%@RANLIB@%$RANLIB%g
s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g
+s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g
s%@INSTALL_DATA@%$INSTALL_DATA%g
s%@PERL@%$PERL%g
s%@TEX@%$TEX%g
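
Review bot: Dropping doc from SUBDIRS in Makefile.am has no explanation in the patch or in the commit message. Add a comment line under the $NetBSD$ tag saying why the doc directory is skipped, since the same edit is repeated against Makefile.in in patch-ab and the two have to be kept in step on the next update.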

@ -1,22 +1,13 @@
$NetBSD: patch-ab,v 1.4 2000/10/02 16:43:45 abs Exp $
$NetBSD: patch-ab,v 1.5 2001/06/04 16:18:21 abs Exp $
--- contrib/Makefile.in.orig Thu Apr 10 09:19:55 1997
+++ contrib/Makefile.in
@@ -12,7 +12,7 @@
datadir = @datadir@
--- Makefile.in.orig Wed Feb 21 12:17:36 2001
+++ Makefile.in
@@ -77,7 +77,7 @@
VERSION = @VERSION@
YACC = @YACC@
INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
-SUBDIRS = pub src bin contrib inputs doc
+SUBDIRS = pub src bin contrib inputs
MKINSTALLDIR = @top_srcdir@/bin/mkinstalldirs
EXTRA_DIST = SURVEY acconfig.h
@@ -28,7 +28,7 @@
${MKINSTALLDIR} ${sbindir}
for x in $?; \
do \
- ${INSTALL_PROGRAM} $$x ${sbindir}; \
+ ${INSTALL_SCRIPT} $$x ${sbindir}; \
done
clean:
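
Review bot: The old contrib/Makefile.in change that installed the contrib files with ${INSTALL_SCRIPT} instead of ${INSTALL_PROGRAM} is removed, and nothing in this commit shows that 1.6.3 does this itself. Check how contrib scripts such as vicf (now listed under sbin/ in PLIST) are installed in 1.6.3; if they still go through INSTALL_PROGRAM, which usually strips its targets, keep this change, regenerated against the new file.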

@ -1,13 +1,36 @@
$NetBSD: patch-ac,v 1.2 2000/10/02 16:43:45 abs Exp $
$NetBSD: patch-ac,v 1.3 2001/06/04 16:18:21 abs Exp $
--- src/encrypt.c.orig Wed Aug 11 10:32:33 1999
+++ src/encrypt.c
@@ -39,6 +39,8 @@
#ifdef HAVE_LIBCRYPTO /* must be des.h from OpenSSL */
# ifdef HAVE_OPENSSL_DES_H
# include <openssl/des.h>
+# else
+# undef HAVE_LIBCRYPTO
# endif
#endif
--- configure.orig Mon Jan 29 19:21:35 2001
+++ configure
@@ -3856,6 +3856,7 @@
echo "$ac_t""$rtry" 1>&6
+if false; then
echo $ac_n "checking for main in -lpthread""... $ac_c" 1>&6
echo "configure:3861: checking for main in -lpthread" >&5
ac_lib_var=`echo pthread'_'main | sed 'y%./+-%__p_%'`
@@ -3981,6 +3982,7 @@
done
fi
+fi
echo $ac_n "checking for lchown""... $ac_c" 1>&6
echo "configure:3987: checking for lchown" >&5
@@ -4034,6 +4036,7 @@
fi
+if false; then
echo $ac_n "checking for pthread_attr_setstacksize""... $ac_c" 1>&6
echo "configure:4039: checking for pthread_attr_setstacksize" >&5
if eval "test \"`echo '$''{'ac_cv_func_pthread_attr_setstacksize'+set}'`\" = set"; then
@@ -4228,6 +4231,7 @@
echo "$ac_t""no" 1>&6
fi
+fi
fi
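
Review bot: Wrapping the pthread checks in "if false; then ... fi" at fixed offsets in the generated configure is fragile, and the Makefile already passes --without-pthreads. If 1.6.3's configure does not honour that option, say so in a comment at the top of this patch; if it does, this patch can be dropped. Separately, the old src/encrypt.c guard ("# else" / "# undef HAVE_LIBCRYPTO" when openssl/des.h is missing) disappears without comment; confirm that 1.6.3 cannot end up with HAVE_LIBCRYPTO defined and no des.h included.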

@ -1,20 +1,44 @@
$NetBSD: patch-ad,v 1.4 2000/10/02 16:43:45 abs Exp $
$NetBSD: patch-ad,v 1.5 2001/06/04 16:18:21 abs Exp $
--- src/image.c.orig Tue Sep 14 09:28:09 1999
+++ src/image.c
@@ -193,9 +193,12 @@
DeleteItemList(namecache);
}
-DeleteCompressedArray(ip->inode_cache);
-
-ip->inode_cache = NULL;
+ /* Only flush when exiting initial call to RecursiveImage() */
+if (strcmp(from,ip->path) == 0)
+ {
+ DeleteCompressedArray(ip->inode_cache);
+ ip->inode_cache = NULL;
+ }
--- contrib/vicf.in.orig Mon Jun 4 16:46:23 2001
+++ contrib/vicf.in
@@ -4,7 +4,7 @@
exec_prefix=@exec_prefix@
sbindir=@sbindir@
EDITOR="${EDITOR-vi}"
-CFINPUTS="${CFINPUTS-"@pkgdata@"}
+CFINPUTS="${CFINPUTS-"@pkgdata@"}"
export EDITOR CFINPUTS
NOPARSE="cf.preconf|cfd.conf"
cfclosedir(dirh);
}
@@ -20,7 +20,7 @@
echo "File not found: ${file}"
echo "Only these files are eligible for editing:"
\ls $CFINPUTS
- /usr/ucb/echo -n "Create new file? (Y/n) "
+ echo -n "Create new file? (Y/n) "
read answer
if [ "$answer" = "n" ]
then
@@ -32,10 +32,10 @@
if [ -f ${CFINPUTS}/.${file}.lock -a "$force" = "n" ]
then
i=30
- /usr/ucb/echo -n "File ${file} is busy -- waiting up to $i seconds..."
+ echo -n "File ${file} is busy -- waiting up to $i seconds..."
while [ -f ${CFINPUTS}/.${file}.lock ]
do
- /usr/ucb/echo -n .
+ echo -n .
i=`expr $i - 1`
if [ $i = 0 ]
then
@@ -62,7 +62,7 @@
then
echo PARSE ERROR IN NEW INPUT-FILE:
cat /tmp/cfparse.$$
- /usr/ucb/echo -n "Re-edit file? (Y/n) "
+ echo -n "Re-edit file? (Y/n) "
read answer
if [ "$answer" = "n" ]
then
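
Review bot: The context line "cat /tmp/cfparse.$$" shows vicf keeping parser output under a predictable name in /tmp, and this patch touches the script without addressing it. vicf edits the cfengine input files and is installed into sbin, so it is typically run by an administrator; create the scratch file with mktemp (or in a directory only that user can write to) and remove it on exit. The CFINPUTS closing-quote fix is correct. The unquoted ${CFINPUTS}/.${file}.lock tests deserve quotes as well, and "echo -n" is not portable across sh implementations, where printf would be.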

@ -1,12 +1,20 @@
$NetBSD: patch-ae,v 1.2 2000/10/02 16:43:45 abs Exp $
$NetBSD: patch-ae,v 1.3 2001/06/04 16:18:22 abs Exp $
--- src/install.c.orig Fri Sep 24 14:00:03 1999
+++ src/install.c
@@ -153,6 +153,7 @@
FatalError("Redefinition of basic system variable");
}
strcpy(VNETMASK,value);
+ AddNetworkClass(VNETMASK);
break;
--- src/image.c.orig Thu Feb 15 07:23:22 2001
+++ src/image.c
@@ -206,9 +206,12 @@
DeleteItemList(namecache);
}
-DeleteCompressedArray(ip->inode_cache);
-
-ip->inode_cache = NULL;
+ /* Only flush when exiting initial call to RecursiveImage() */
+if (strcmp(from,ip->path) == 0)
+ {
+ DeleteCompressedArray(ip->inode_cache);
+ ip->inode_cache = NULL;
+ }
cfclosedir(dirh);
}
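
Review bot: The new guard "strcmp(from,ip->path) == 0" assumes the top-level call passes a from string that is byte-identical to ip->path; if the two ever differ (a trailing slash, an expanded variable), DeleteCompressedArray() is never reached and inode_cache is neither freed nor reset to NULL. Extend the comment to say why string equality reliably marks the initial RecursiveImage() call, or pass an explicit recursion-depth argument instead.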

@ -1,54 +0,0 @@
$NetBSD: patch-af,v 1.2 2000/10/02 16:43:45 abs Exp $
--- src/log.c.orig Mon Oct 2 17:38:13 2000
+++ src/log.c
@@ -71,12 +71,12 @@
if (LOGGING && (getuid() == 0))
{
- syslog(LOG_ERR,string,VFQNAME);
+ syslog(LOG_ERR,"%s",string,VFQNAME);
if (strlen(errstr) != 0)
{
- syslog(LOG_ERR,errstr,VFQNAME);
- syslog(LOG_ERR,strerror(errno),VFQNAME);
+ syslog(LOG_ERR,"%s",errstr,VFQNAME);
+ syslog(LOG_ERR,"%s",strerror(errno),VFQNAME);
}
}
break;
@@ -110,11 +110,11 @@
case cflogonly:
if (LOGGING && getuid() == 0)
{
- syslog(LOG_INFO,string,VFQNAME);
+ syslog(LOG_INFO,"%s",string,VFQNAME);
if ((errstr == NULL) || (strlen(errstr) > 0))
{
- syslog(LOG_ERR,errstr,VFQNAME);
+ syslog(LOG_ERR,"%s",errstr,VFQNAME);
}
}
@@ -125,7 +125,7 @@
if (LOGGING && (getuid() == 0))
{
- syslog(LOG_ERR,string,VFQNAME);
+ syslog(LOG_ERR,"%s",string,VFQNAME);
}
if (string[strlen(string)-1] != '\n')
@@ -141,8 +141,8 @@
if (LOGGING && (getuid() == 0))
{
- syslog(LOG_ERR,errstr,VFQNAME);
- syslog(LOG_ERR,strerror(errno),VFQNAME);
+ syslog(LOG_ERR,"%s",errstr,VFQNAME);
+ syslog(LOG_ERR,"%s",strerror(errno),VFQNAME);
}
}
return;
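
Review bot: Deleting this patch is only safe if src/log.c in 1.6.3 no longer passes string, errstr or strerror(errno) as the format argument of syslog(), and neither the commit message nor the quoted changelog says so. Check the extracted 1.6.3 source for syslog() calls whose second argument is not a string literal and record the result in the commit message; if any remain, keep the "%s" change, regenerated against the new file.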

@ -1,46 +0,0 @@
$NetBSD: patch-ag,v 1.1 2000/10/02 16:43:45 abs Exp $
--- src/misc.c.orig Tue Sep 14 09:46:53 1999
+++ src/misc.c
@@ -652,3 +652,41 @@
AddClassToHeap(CanonifyName(VDOMAIN));
}
+
+/*********************************************************************/
+
+AddNetworkClass(netmask)
+
+const char *netmask;
+
+{
+struct in_addr ip,
+ nm;
+char *sp,
+ nmbuf[maxvarsize],
+ ipbuf[maxvarsize];
+
+ /*
+ * Has to differentiate between cases such as:
+ * 192.168.101.1/24 -> 192.168.101 and
+ * 192.168.101.1/26 -> 192.168.101.0
+ * We still have the, um... 'interesting' Class C default Network Class
+ * set by GetNameInfo()
+ */
+
+ /* This is also a convenient method to ensure valid dotted quad */
+if ( (nm.s_addr = inet_addr(netmask)) != -1 &&
+ (ip.s_addr = inet_addr(VIPADDRESS)) != -1 )
+ {
+ ip.s_addr &= nm.s_addr; /* Will not work with IPv6 */
+ strcpy(ipbuf,inet_ntoa(ip));
+
+ strcpy(nmbuf,inet_ntoa(nm));
+ while( (sp = strrchr(nmbuf,'.')) && strcmp(sp,".0") == 0 )
+ {
+ *sp = 0;
+ *strrchr(ipbuf,'.') = 0;
+ }
+ AddClassToHeap(CanonifyName(ipbuf));
+ }
+}
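
Review bot: Removing AddNetworkClass() here, together with its call in the old patch-ae (src/install.c), means the netmask-derived network class is no longer defined, and the commit message does not mention it. Configurations that key on that class will stop matching after the upgrade without any error; note the behaviour change in the commit message, or confirm that 1.6.3 defines an equivalent class itself.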

@ -1,9 +1,16 @@
@comment $NetBSD: PLIST,v 1.2 2000/09/09 18:11:23 wiz Exp $
@comment $NetBSD: PLIST,v 1.3 2001/06/04 16:18:22 abs Exp $
sbin/cfcron
sbin/cfd
sbin/cfdoc
sbin/cfengine
sbin/cfkey
sbin/cfmail
sbin/cfmailfilter
sbin/cfrun
sbin/cfwrap
sbin/vicf
share/cfengine/cf.chflags.example
share/cfengine/cf.freebsd.example
share/cfengine/cf.ftp.example
share/cfengine/cf.groups.example
share/cfengine/cf.linux.example
@ -18,7 +25,8 @@ share/cfengine/cf.users.example
share/cfengine/cfd.conf.example
share/cfengine/cfdaily
share/cfengine/cfengine.conf.example
share/cfengine/cfmail
share/cfengine/cfengine.el
share/cfengine/cfrc.example
share/cfengine/cfwrap
share/cfengine/cfrun.hosts.example
share/cfengine/start-cfd
@dirrm share/cfengine